With the release of Consent Mode V2, Google has announced that using Consent Mode will be mandatory in Europe to continue using Google Ads and other advertising platforms to their full potential. With user privacy and the use of data cookies under a microscope, it is only a matter of time until the rest of the world will follow suit with similarly strict restrictions on cookie use. Several countries, including New Zealand, have already started making law changes to account for user data privacy rights online.
A feature within Google Tag Manager, Consent mode interacts with your Consent Management Platform (CMP) or custom implementation for obtaining visitor consent, such as a cookie consent banner. Consent Mode receives user consent choices from your cookie banner or widget and dynamically adapts the behaviour of Google Analytics, Ads, and other third-party tags that create or read cookies on your website.
Data collection is an important part of running a business and is particularly important for Marketing. Changes to regulations around consent when collecting data mean that it is important for businesses to take action to avoid legal repercussions for non-compliance.
In this article we will look at what regulations mean for you and your business and how to ensure you comply with all the legal requirements.
Changes to Collecting User Data Online
Ambiguity around legal cookie use online is still a significant issue globally, despite new regulations defining their legal use and necessary permissions being in effect since 2020.
International Regulations For User Rights Online
As users have become more aware of data cookies and how they work, there has been an increased focus on privacy in relation to the use of cookies to track user behaviour and identifiable data on websites. The General Data Protection Regulation (GDPR) came into effect in the European Union (EU) and across the European Economic Area (EEA) in 2020 putting strict regulations in place to enforce the consensual collection of personal and identifiable data of online users in the EU and EE. Similar initiatives were passed in the United States of America (USA) with the California Consumer Privacy Act (CCPA) in California and Brazil with the General Data Protection Law (LGPD).
These initiatives explicitly define the requirements of cookie consents with respect to the privacy rights of the user. In all cases, regulations mean that users must have the choice to opt out of sharing their information with the organisation whose website they’re on through the use of cookies. Users may also partially opt in and must be able to request and receive a copy of the data held about them and request its immediate and complete deletion – even after initially agreeing to this data being collected. For businesses operating across borders, especially in the EU, USA or Brazil, these restrictions have required that existing privacy policies be rewritten and cookie consent policies be created and implemented as non-compliance can result in the issuance of fines and possible criminal proceedings in certain cases.
The New Zealand Privacy Act (2020)
Although New Zealand does not have any specific legislation governing cookie use online, the New Zealand Privacy Act (2020) is strict in how businesses and organisations may treat the personal and identifiable information of individuals in New Zealand. These legal requirements extend to online data collection and tracking too.
Organisations are required to know of all trackers, cookies and other technologies on their website that use, track, store or share personal information from individuals in New Zealand for any purpose. The Privacy Act (2020) also requires that individuals be notified and informed about the collection of their data prior to collection beginning. It stipulates that the user be informed, in unambiguous terms, about the type of data being collected, the purpose of its collection, and with whom this data will be shared.
The robust nature of the New Zealand Privacy Act (2020) means that it applies to the use of cookies and other online data tracking technologies despite not explicitly mentioning either. Therefore it is important that websites using cookies to track user data for any reason, even for purely functional reasons, offer a cookie consent disclaimer and cookie policy.
So What Are Cookies?
In very simple terms, digital cookies are small text files that act like memory cards. Cookies are designed to remember user information, preferences, and interactions with a website. For marketing purposes, they play a crucial role in enhancing user experience, tailoring content, and enriching shopping or browsing engagements, as well as enabling various functionalities on websites. There are two main cookie types that are predominantly used for marketing purposes. These are:
First-Party Cookies:
- Originating from the website a user is currently visiting.
- Used for basic functionalities like remembering login details and user preferences.
- For analytics purposes these cookies are usually used to track user behaviour on an organisation’s own website.
Third-Party Cookies:
- Placed on the user’s browser by domains other than the one a user is currently visiting – ie. a third party.
- Widely used for tracking identifiable and behavioural data across domains.
- Increasing privacy concerns and regulatory changes are leading to the limiting and degradation of the use of third party cookies.
How Can Consent Mode Help?
Managed through Google Tag Manager, Consent Mode is a feature that lets you communicate your users’ cookie or app identifier consent status to Google Tag Manager. Tags adjust their behaviour and respect user choices. Consent Mode interacts with your Consent Management Platform (CMP) or custom implementation for obtaining visitor consent, such as a cookie consent banner. At the end of November 2023, Google released Consent Mode V2, which will be mandatory for advertisers collecting data on EU users from March, 2024.
How Does Consent Mode Work?
When a user enters a website, they are presented with a cookie consent banner. With Consent Mode enabled, all tags will remain frozen until the user has dismissed the notification. If the user dismisses the notification and interacts with the website, Consent Mode takes this information from the CMP and enables our tags to fire and begin data collection. Without Consent Mode enabled, tags within Google Tag Manager start gathering data on the user as soon as the session starts, prior to notifying them of any data tracking, which is a breach of the New Zealand Privacy Act (2020).
What Do New Zealand Businesses Need To Do?
Due to continuously growing restrictions overseas and the growing concern over user privacy, it is more important than ever to ensure that your website is compliant with user consent requirements. Websites should have a cookie notice banner and use a tool like Consent Mode to pause all data collection until the user has had time to read the notice and continues to interact with the website.
Operating a Website Across Borders
If your website is aimed at a global audience, there may be other specific requirements for the website to follow. A good Cookie Management Platform, like Cookiebot, can manage this and ensure that regulations are met.
Operating A Website In Europe
A user from the European Union should be presented with a cookie consent banner when they enter a website. The banner needs to outline the different types of cookies that are used on the site to comply with GDPR. The user will be able to deny all, allow all, or allow a selection of cookies that they prefer to share their information with. The CMP will communicate their choices to Google Tag Manager using Consent Mode and the tags will fire appropriately.
For example: If the user allows all cookies except those related to advertising, all tags will be allowed to fire in Tag Manager except the tags that require ad_storage consent specifically. This would include any Google Ads tags, Meta pixels, & Linkedin Insight Tags. If a large proportion of website visitors do not consent to enable advertising or marketing cookies, Consent Mode includes an AI powered consent modelling function. This means that it has the ability to fill in data gaps when a user does not consent to certain cookies.
Not installing Consent Mode will not prevent ads from running in the EU and EEA. However, these ads cannot leverage any user data for optimisation.
Need A Hand?
Unbound is now partnered with Cookiebot. Cookiebot is a Google certified Cookie Management Platform (CMP).
1: Our specialist team will help you to get your Cookiebot account configured.
2: Configure a Cookie Consent Banner that fits within your branding and privacy policy.
3: Implement the banner on your website or work with your developers to achieve this.
4: Configure Consent Mode V2 on your Google Tag Manager account and configure your tags to interact correctly with your new cookie consent banner.
Most websites in New Zealand are not compliant with the regulations set out in the New Zealand Privacy Act (2020) and are vulnerable to penalisation. Although reports of organisations charged with non-compliance for the use of personal data are few, the increased international spotlight on the issue will likely mean greater scrutiny of websites in New Zealand. Setting up a cookie consent banner and using Consent Mode is easy and offers peace of mind that your business complies with New Zealand privacy laws.
If you would like some help with your cookie consents or the implementation of Consent Mode for your digital marketing, get in touch today.
